Ransomware

Page Content

Issue

Ransomware is a type of malicious software (malware) that encrypts users' files or blocks access to their computer systems until the user pays the criminal a fee to release them. This exploitation scam targets and exploits both human weaknesses and technical vulnerabilities, in that malware is often delivered through email via infested attachments and links that direct users to an infected website.

In May 2016, the FBI reported that ransomware infections caused more than $1.6 million in losses in 2015 for individuals and businesses of all sizes. The impact to businesses can be devastating, as these attacks can result in the temporary or permanent loss of sensitive or proprietary information, disruption to operations, financial losses incurred from disrupted business operations and restoring systems and files, and potential harm to the institutions' reputation.

To protect against ransomware attacks, the FBI recommends the following:

Always use antivirus software and a firewall.

Enable popup blockers.

Always back up the files on your computer and mobile devices and keep the backups offline.

Be cautious when opening emails or attachments you're not expecting or from senders you do not know.

Always avoid suspicious websites.

Since criminals often depend on employees to download the malware onto the network, it is important to educate staff on this and other emerging threats. In addition, since ransomware techniques will continue to evolve and become more sophisticated, banks should also focus on implementing robust business continuity and remediation plans in place, should they become infected and lose access to important information. The FBI recommends that companies regularly back up data and secure backups through offline physical or cloud storage.

If you are a victim of a ransomware attack, immediately disconnect the affected device from the Internet and isolate it from the network, but do not turn it off as this can result in a loss of valuable forensic data. Contact your local law enforcement agency and FBI field office and report the incident to the FS-ISAC's Security Operations Center and the FBI's Internet Crime Complaint Center at www.IC3.gov.